[TIL] Learning note about Docker Swarm Mode

Start Docker Swarm Mode

Docker Swarm Mode is specific for Docker Swarm Version 2 which only enable after Docker 1.12. It is cluster management system for Docker.

Install Docker-Machine:

Better to prepare at least 3 docker-machine for swarm node.

If you use Docker for Mac or Docker for Windows beta, you still need install `docker-machine.

• Install docker-machine:

curl -L https://github.com/docker/machine/releases/download/v0.7.0/docker-machine-`uname -s`-`uname -m` > /usr/local/bin/docker-machine && \
chmod +x /usr/local/bin/docker-machine

Run Docker Swarm

Start to create 3 docker machine for cluster management.

docker-machine create --driver virtualbox v1
docker-machine create --driver virtualbox v2
docker-machine create --driver virtualbox v3

Init cluster leader in v1

docker-machine ssh v1

For example if your v1 node IP address is 192.168.99.110.

docker swarm init --listen-addr 192.168.99.110:2377 --advertise-addr 192.168.99.110

Init Other Worker Node v2, v3

Let v2, v3 join cluster as nodes.

Login and Control v2.

docker-machine ssh v2
docker swarm join --token SWMTKN-1-3h0ndq6j0agkl1inb7sd9gnrk1va4e0sggw74jsaj7xkx75c7n-31coul06qcdb7g411ww8jnurw 192.168.99.110:2377

> This node joined a swarm as a worker.

Login and Control v3.

docker-machine ssh v2

docker swarm join --token SWMTKN-1-3h0ndq6j0agkl1inb7sd9gnrk1va4e0sggw74jsaj7xkx75c7n-31coul06qcdb7g411ww8jnurw 192.168.99.110:2377

> This node joined a swarm as a worker.

Start Create Service in Swarm Mode.

docker-machine ssh v1
docker service create --name vote -p 8080:80 instavote/vote

Check service if exist

docker service ls

ID            NAME  REPLICAS  IMAGE           COMMAND
7lwioo4526w7  vote  1/1       instavote/vote

Check service if exist

docker service ps vote


ID                         NAME    IMAGE           NODE  DESIRED STATE  CURRENT STATE            ERROR
2peq9y4gv2ba3tijnp5vnfuj5  vote.1  instavote/vote  v1    Running        Running 11 minutes ago
b2qpn2e5xhy6hjdvelxjpqt74  vote.2  instavote/vote  v2    Shutdown       Shutdown 21 seconds ago
cjnd7rq37ldmvoq0id8tba7hp  vote.3  instavote/vote  v2    Shutdown       Shutdown 21 seconds ago

Scale it

docker service scale vote=3

You will see every service will allocate one service.

docker service ps vote

ID                         NAME        IMAGE           NODE  DESIRED STATE  CURRENT STATE                ERROR
2peq9y4gv2ba3tijnp5vnfuj5  vote.1      instavote/vote  v1    Running        Running 13 minutes ago
4x5kihy8z89mj9u2vyne2x3ec  vote.2      instavote/vote  v2    Running        Running 8 seconds ago
9ins324mae19gpzsli925ivtr  vote.3      instavote/vote  v3    Running        Preparing 11 seconds ago

If you try to reload it, the container ID will change. It is Load Balancer support for docker swarm.

Service Update

docker service update --image instavote/vote:movies vote

docker service ls

ID            NAME  REPLICAS  IMAGE                 COMMAND
7lwioo4526w7  vote  2/3       instavote/vote:movies

Rolling Update

docker service update vote --image instavote/vote:movies --update-parallelism 2 --update-delay 10s

Rolling update at most two server, once delay 10 seconds.

Global Service

docker service create --mode=global --name prometheus prom/prometheus

Fault Tolerance**

You can shutdown any server node, it will auto recover scale to other remain servers.

Note: If you don’t include secret and --ca-hash when worker join to master. The Routing Mesh doesn’t work correctly.

New Feature in Docker Swarm Mode

Routing Mesh

Once you one a service in any one node in this cluster, you can connect to any node to get your service.

ex:

Assume you have three machine v1 is leader and v2, v3, v4 is worker node.

docker service create --name vote -p 8080:80 instavote/vote
docker service tasks vote

Once your create a 8080 port service in this cluster. All nodes will listen 8080 port for this service.

No Matter Docker Swarm arrange which node to run vote sercice (on v2, v3 or v4.)

You can call any node to get this service.

http://v1:8080
http://v2:8080
http://v3:8080
http://v4:8080

The worker node will use gossip protocol to ask all relevant node to retrieval correct node and response directly.

Built-in Load Balancer

Built-in layer 4 load balancing service.

For example:

• If you have node v1, v2, v3, v4
• Run and Scale vote to 4 docker service scale vote=4
• Once you connect to any node, the container ID will change. (Auto Load Balancer)

Note for Docker 1.12 GM version:

• After Docker 1.12 RC to 1.12 GM version, there is no need for start a service. All service will auto start after your create it. (No docker service task $SERVICE )
• If you have multiple network card, you might need specific --advertise-addr when your init docker swarm leader.

Under the hood

Swarm Mode Flow:

• Manager: docker swarm init --listen-address=xxxx
  • Create TLS Root key CA
• Worker: docker swarm join xxx
  • Manager create new key-pair for this worker
  • Key-pair signed bu Root CA
  • Deliver key to worker via TLS

Role and Responsibility

• Manager:
  • Response for orchestration
  • Create TLS Root CA
  • Perform health-check for each worker
  • Using Raft consensus algorithm to sync status and command betwen managers.
  • Using memory to storage all data, no extra K-V DB.
• Worker:
  • Using Gossip for job detribution speed up worker node communication.

Reference

• Docker Swarm Mode Tutorial
• What’s New in Docker 1.12 by Mike Goelzer and Andrea Luzzardi
• Docker 1.12 Swarm Mode – Under the hood
• What’s New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16